Clay Seal

Clay Seal

A control plane that checks and records every action an AI agent takes

Paid
4.2 (6 reviews)

Gallery

About Clay Seal

Clay Seal is a runtime security control plane for AI agents that checks and records each action an agent takes at the moment it happens, instead of handing over a broad set of permissions at the start of a session and trusting the agent for the rest. The idea is simple to state. Most systems give an agent an API key or an OAuth scope that grants the same access for the whole run, no matter what the agent does with it, and Clay Seal replaces that with a check on every individual action. If an agent starts doing something it shouldn't, its next action is blocked rather than waved through.

The problem it targets is that static permissions fit regular software but not agents. A key or a scope is fine when a program behaves predictably, but an agent can be steered mid-task into misusing the access it already holds, and by then it has everything it needs to do damage. That gap matters most where actions can't be undone, like sending a payment, deploying code, touching customer data, or changing infrastructure. Clay Seal is built around the assumption that the dangerous moment is the action itself, so that's where it puts the control.

The product breaks into three parts that each work on their own. The first is runtime authority. Before an agent does anything irreversible, it has to present a token that was minted for that exact action, and the token only works once. If the arguments have changed, if it's been used before, if the signer isn't trusted, or if the grant went stale mid-task, the action is rejected. Teams usually start with whichever piece solves their most urgent problem and add the others later, so it doesn't demand an all-or-nothing adoption.

The second part is attested identity. An agent has to prove where it's running before it gets any credentials, and those credentials are short-lived and tied to a key only that agent holds, so a stolen token on its own is useless. Each action is linked back to the program that ran it and the person who owns it, with an identity drawn from the actual runtime rather than a shared secret. In practice a team scopes an agent to something like database reads and specific web access, and the resulting identity carries that scope wherever the agent acts.

The third part is verifiable receipts. Everything an agent does, and everything it's blocked from doing, is saved as a signed record that includes the policy it ran under, and the records are chained so that editing one after the fact is easy to catch. A team can hand that record to an auditor or a customer, who can verify it offline without trusting Clay Seal at all. The company leans on open standards to make that possible, including SPIFFE and SVID for identity, Biscuit tokens, Ed25519 signatures, RFC 6962 Merkle proofs, and MCP, so the receipts stand on their own.

On each action the flow is attest, scope, steer, and seal. The agent proves where it's running and gets an identity, the policy becomes a concrete list of what's allowed, each action is checked as it happens with a bad run stopped, and the outcome is written down for later. It's meant for teams running agents in production against sensitive surfaces, payments and refunds, pull requests and deployments, customer data, internal ops, and cloud resources. Policies are written as files like a refunds rule set, and a command-line tool verifies receipt bundles so anyone can confirm a record independently.

The name is a nod to an old idea. A long time ago, people sealed shipments with a stamp pressed into clay, and if the clay arrived unbroken and the stamp matched, you knew who sent it and that no one had opened it along the way, all without having to trust the courier. Clay Seal does the same thing for the work agents do, recording each action as it happens so anyone can check it afterward. That framing runs right through the design, from the attested identity that proves who acted, to the scoped authority that limits what they can do, to the receipts that leave a trail nobody can quietly alter. The open standards it builds on, from SPIFFE and Biscuit tokens to Merkle proofs and Nitro attestation, are all chosen so a receipt holds up on its own without anyone having to take the company's word for it.

Access is early. Clay Seal is onboarding design partners through a waitlist rather than selling a self-serve plan, and there's no public pricing yet. Applicants describe what their agents touch and hear back from a real person, with the docs open to read in the meantime. For a team that already trusts agents with actions it can't take back, the pitch is worth understanding even at this stage, since the approach of authorizing one action at a time and keeping a checkable record is a real departure from the blanket-permission model most agent stacks ship with today.

Key Features

  • Per-action runtime authorization
  • Single-use commit tokens
  • Attested identity via SPIFFE and SVID
  • Short-lived, agent-bound credentials
  • Signed, verifiable action receipts
  • Offline receipt verification via CLI

Pros & Cons

What we like

  • Checks each action instead of a whole session
  • Blocks reused or mutated action tokens
  • Receipts verify offline without trusting the vendor
  • Built on open standards like SPIFFE and Ed25519

Room for improvement

  • Early access, currently onboarding design partners
  • No public pricing published yet
  • Requires technical setup and policy authoring
  • Aimed at teams already running production agents

Frequently Asked Questions

What is Clay Seal?
Clay Seal is a runtime security control plane for AI agents. Instead of granting broad permissions for a whole session, it authorizes and records each individual action as it happens, and blocks the next action if an agent starts misbehaving.
How does Clay Seal work?
Each action runs through attest, scope, steer, and seal. The agent proves where it's running and gets a short-lived identity, its policy becomes a concrete list of allowed actions, each action is checked at runtime with single-use tokens, and the outcome is saved as a signed receipt anyone can verify offline.
Is Clay Seal available yet?
It's early. Clay Seal is onboarding design partners through a waitlist rather than offering a self-serve plan, and there's no public pricing yet. You describe what your agents touch, and a real person reviews applications weekly.
Who is Clay Seal for?
It's built for teams running agents in production against sensitive surfaces, such as payments and refunds, code deployments and CI, customer data, internal operations, and cloud infrastructure. It fits anyone who needs per-action control and an auditable record of what their agents did.

Best For

Gating an agent's payments and refunds behind per-action approvalScoping what a deployment agent can push to CIProtecting customer data an agent can reachGiving auditors verifiable records of agent actions

Featured in

Alternatives to Clay Seal

View all

Reviews (6)

F
Freya Costa

Solid daily driver

Clay Seal has quietly become part of my daily flow. Their take on built on open standards like spiffe and ed25519 is genuinely good. What stands out is how little babysitting it needs. No regrets so far.

4/7/2026 15 found this helpful
M
Morgan Davis

Pulled its weight from week one

Three months of Clay Seal later, here is what holds up. The output quality holds up better than I expected.

4/9/2026 11 found this helpful
A
Aditya Pereira

Solid daily driver

Clay Seal has quietly become part of my daily flow. What stands out is how it handles built on open standards like spiffe and ed25519. It slotted into my routine without much fuss. Mostly using it for scoping what a deployment agent can push to ci. It earns its place in my stack.

4/30/2026 9 found this helpful
F
Freya Gupta Verified

Recommended without reservation

Picked Clay Seal for the price, stayed for the quality. Their take on offline receipt verification via cli is genuinely good. Hard to imagine going back to my old setup.

6/12/2026 4 found this helpful
M
Maya Svensson Verified

Good, with a few caveats

Tried Clay Seal on a side project first, then rolled it out everywhere. The defaults are sensible, so I was not fighting settings on day one. The catch is requires technical setup and policy authoring. Glad I made the switch.

6/6/2026 1 found this helpful
M
Maja Lima

Solid daily driver

Tried Clay Seal on a side project first, then rolled it out everywhere. Where it really wins is short-lived, agent-bound credentials. Mostly using it for scoping what a deployment agent can push to ci. Glad I made the switch.

5/5/2026